Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam.
“While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out,” c/side researcher Himanshu Anand said in a Tuesday analysis.
“The malicious landing page is a full-blown Progressive Web App (PWA), likely aiming to retain users longer and bypass basic browser protections.”
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The campaign is designed to explicitly filter out desktop users, primarily focusing on mobile users. The activity has been described as a client-side attack that uses third-party JavaScript and only triggers on mobile devices.
The use of PWAs, a type of application built using web technologies that provide a user experience similar to that of a native app built for a specific platform like Windows, Linux, macOS, Android, or iOS, is seen as an attempt to sidestep security protections.
The attacks involve injecting websites with JavaScript code that acts as a loader to trigger the redirection when the site is visited from devices running on Android, iOS, and iPadOS, among others.
The redirections are designed to lead the users to adult content websites or other intermediary redirect pages advertising apps for viewing adult content. The pages subsequently take the victims to a fake app store listing for the supposed Android and iOS apps in question.
“The use of PWAs suggests attackers are experimenting with more persistent phishing methods,” Anand said. “The mobile-only focus allows them to evade many detection mechanisms.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager